Skip to main content

How to enable user provisioning via SCIM with Entra ID (Formerly Azure AD)

Updated over 6 months ago

This article will walk you through configuring user provisioning via SCIM if you are using Entra ID.

Before you Start

Speak to your Customer Success Manager (CSM) and Account Manager (AM) about your options and the costs around setting up user provisioning via SCIM.

You may also want to discuss details such as what user domains you want to be able to use SSO and whether your CSM will be helping your set this or ensuring you have the correct permissions access to set yourself up.

Getting started on the Skillcast Application

First, you need to prepare credentials and attributes.

Create a token

Go to Management Console > Configuration> API Managementment

Create a new user: Username: e.g. 'SCIM API', add the user domain in 'Domain access' and Tick the following options: 'Enable SCIM v2 API' under the API heading. 'Manage Audience Groups' 'Manage Users' 'Reporting'. Click 'Add API user'.

Click 'Generate new session ID' to generate a token to be used later.

Adding attributes

Ensure that you have added all additional attributes you want to populate on the skillcast portal. You will have to ensure that you make note of all the attributes names on the Skillcast portal as you will need this later when setting up your attributes in Entra ID.

Connecting your Entra ID environment to your Skillcast Application

Entra ID custom Enterprise app

  1. Go to Azure Active Directory > Enterprise applications

  2. Choose + New application

  3. Choose + Create your own application

  4. Enter an app name and choose Integrate any other application you don't find in the gallery (Non-gallery). Then click Create.

  5. Under the heading manage, choose Provisioning, then Get started

Provisioning setup

  1. For Provisioning Mode select Automatic

  2. Enter the credentials:

    • Tenant URL: https://[clientid].skillcast.io/skillcastApi/scim
      Your client ID can be found in your Skillcast application URL which will look something like https://mycompany.e-learningportal.com/, the bold part of the URL is your client ID.

    • Secret Token this is the session ID you generated on the Skillcast app. You can find Session Details from the API management area of the portal. i.e. BDDDBB7A-CD39-431F-8B52EC014F4E895C


  3. Click Test Connection. Azure should return the message
    The supplied credentials are authorised to enable provisioning

  4. Click Save. Click the top right X to close.

  5. Choose Edit provisioning. A new section will be available called Mappings. Expand this section.

  6. Click Provision Azure Active Directory Groups

  7. Change Enabled to No. Click Save. Click Yes for Save changes. Then click Provisioning in the top breadcrumb.

Attribute setup

  1. Click Provision Azure Active Directory Users.

  2. At the bottom of the page click Show advanced options

  3. Click Edit attribute list for customappsso

  4. Scroll to the bottom of the attribute list. Create a new attribute for each Skillcast attribute that you wish to update.

    • Name: urn:scim:skillcast:User:[attribute] e.g. urn:scim:skillcast:User:Division

    • All other fields can be left blank

  5. Click save and under Are you sure you want to make these changes, choose yes. Click the top right X to close.

  6. Again, click Click Provision Azure Active Directory Usersand at the bottom of the table, clickAdd New Mapping`

  7. Using the previous details, add a new attribute

    • Mapping Type: Direct

    • Source Attribute: [relevant field]

    • Target Attribute: Your custom attribute, e.g. urn:scim:skillcast:User:Division

    • Others can be left as default

  8. Click ok

  9. When finished, click save
    A confirmation message may display, click Yes.

User matching (optional)

You may want to match users on their email address instead of the Entra ID default of username.

  1. Choose the field you wish to match users on. i.e. mail

  2. For Match objects using this attribute choose Yes. Press Ok

  3. Choose the attribute with a Matching precedence of 1

  4. For Match objects using this attribute choose No. Press Ok

  5. Edit the field from step 1, change the Matching precedence to 1. Press Ok

  6. Click Save
    A confirmation message may display, click Yes.

Add users to Enterprise application

  1. Within the Enterprise Application, choose User and groups

  2. Click Add user/group

  3. Depending on your Active Directory level, choose None Selected under Users

  4. Select the relevant users in the popup, click Select, click Assign

Test with Provision on demand

  1. Within the Enterprise Application, choose Provisioning

  2. Click Provision on demand

  3. Select a user, click Provision

Limitations and Considerations

  1. Provisioning via SCIM can only be enabled with one token linked to one domain. You will be unable to provision users into different domains using the same credentials/token.

  2. If you are using a different app to set up provisioning via SCIM the steps on the Skillcast platform will be the same; you should have similar steps on the other application however, you will need to seek guidance from that third party for exact details.

Did this answer your question?